Host processor systems may store and retrieve data using a storage device containing a plurality of host interface units (host adapters), disk drives, and disk interface units (disk adapters). Such storage devices are provided, for example, by EMC Corporation of Hopkinton, Mass., and disclosed in U.S. Pat. No. 5,206,939 to Yanai et al., U.S. Pat. No. 5,778,394 to Galtzur et al., U.S. Pat. No. 5,845,147 to Vishlitzky et al., and U.S. Pat. No. 5,857,208 to Ofek. The host systems access the storage device through a plurality of channels provided therewith. Host systems provide data and access control information through the channels of the storage device and the storage device provides data to the host systems also through the channels. The host systems do not address the disk drives of the storage device directly, but rather, access what appears to the host systems as a plurality of logical volumes. The logical volumes may or may not correspond to the actual disk drives.
In some cases, it may be necessary to provide access to a computer storage device for maintenance and/or reconfiguration of the computer storage device. However, since the type of access needed to be able to perform maintenance and/or reconfiguration is the same type of access that would allow a malicious user to damage the computer storage device and/or eliminate or corrupt data stored thereon, it is useful to be able to restrict the particular users that have the type of access needed to perform maintenance and/or reconfiguration of the computer storage device. One way to do this is to password protect the computer storage device and provide the password only to those users that are allowed to perform maintenance and/or reconfiguration on the computer storage device. However, at some point, it may become desirable to revoke access for at least some of the users that were previously given access. For example, a user that works for a company that maintains the storage device may leave that company. In addition, authorized users may inadvertently (or otherwise) divulge a password to a malicious user who may then use the password to gain access and damage the storage device and/or destroy or corrupt the data. Also, in some instances, administrators may share an administrator account.
One way to address this difficulty is to connect (e.g., via a communications cable, the Internet, etc.) each of the storage devices to a central security device that manages security/access for all of the storage devices and that reconfigures and revokes users' passwords that allow access to the storage devices. The central security device may provide a mechanism for on-line account management where each user has an individual account and private password. The on-line account management may be used for employment control to disable an account of one who is no longer employed. In instances where it is desirable to revoke a user's access or in instances where an authorized user has divulged a password, the central security device, coupled to the storage device, may change/revoke the affected password and then notify authorized users of the change. However, such a central security device may be impractical for a number of reasons, not the least of which is the fact that it may be difficult to connect all storage devices to the central security device.
Furthermore, for some encryption techniques, it may be possible for a malicious user to determine a decryption key given a large enough sampling of encrypted values and the corresponding clear text values. Thus, even in cases where a user performing maintenance is given encrypted values that allow access to the storage device without giving the user a decryption key, anyone with knowledge of the encrypted values and the corresponding clear text values, including the user, may be able to eventually ascertain the encryption key and breach the security of the system.
Accordingly, it is desirable to address the security issues that arise when passwords for accessing security devices need to be changed/revoked without having to provide remote connections to the storage devices and to further enhance security of the system.